26 Aug 2008 10:25
Red Hat warned on Friday that a network attack compromised some servers last week that are involved with both its commercially supported and free versions of Linux.
The breaches involved Red Hat Enterprise Linux (RHEL) servers and those from the company's community-supported Fedora project, which Red Hat sponsors.
Red Hat said in a security advisory that it is confident the intrusion did not compromise the Red Hat Network, which is the chief mechanism used to distribute changes to its RHEL product, or updates sent over the network. Customers are not at risk, the company said.
The open-source vendor also released a script designed to detect potentially compromised OpenSSH (OpenBSD's Secure Shell protocol implementation) packages.
"We are issuing this alert primarily for those who may obtain Red Hat binary packages via channels other than those of official Red Hat subscribers," the advisory states.
The intruder was able to sign a "small number" of OpenSSH packages relating to RHEL versions 4 and 5. As a result, Red Hat is releasing an updated version of those packages. The company has published a list of the tampered packages and instructions for how to detect them.
A Fedora project leader issued an alert to a Fedora email list, stating that some Fedora servers were taken offline after they were found to have been illegally accessed last week.
"One of the compromised Fedora servers was a system used for signing Fedora packages. However, based on our efforts, we have high confidence that the intruder was not able to capture the passphrase used to secure the Fedora package signing key," the alert said.
Despite the fact that there is no evidence that the Fedora key has been compromised, Fedora is converting to new Fedora signing keys because Fedora packages are distributed via multiple third-party mirrors and repositories.
Story URL: http://news.zdnet.co.uk/security/0,1000000189,39465449,00.htmCopyright © 1995-2009 CBS Interactive Limited. All rights reserved
ZDNET is a registered service mark of CBS Interactive Limited. ZDNET Logo is a service mark of CBS Interactive Limited.